03 Dec 2019

DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies

Under the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA) published a draft document that mandates vulnerability disclosure and outlines strategies for handling weaknesses. The CISA raised concerns that most civilian agencies’ lack of disclosure policies leads to confusion, and with the implementation of a requires vulnerability

26 Nov 2019

Most Organizations Have Incomplete Vulnerability Information

A new report by Risk Based Security shows that organizations need to get their vulnerability information from more sources than just the Common Vulnerabilities and Exposures (CVE) and National Vulnerability Database (NVD) systems if they want to identify all flaws in their environment. This year alone, researchers with the firm

25 Nov 2019

Critical Flaw In Android, iOS Phone App: 150 Million Users Put At Risk

A security researcher recently discovered a critical vulnerability in the Truecaller app that is used daily by 150 million Android and iOS users in order to prevent them from receiving spam and other unwanted calls. The flaw made it possible for threat actors to “inject [a] malicious link as the profile

20 Nov 2019

PayMyTab Exposes Data of US Restaurant Goers

PayMyTab, a mobile payments provider, exposed the data of thousands of customers for 16 months after failing to follow security protocols on Amazon Web Services (AWS). Data exposed in the privacy breach includes personally-identifying information of customers who had requested a receipt from their dining experience be emailed or texted

15 Nov 2019

GitHub launches ‘Security Lab’ to help secure open-source ecosystem

At the GitHub conference on Thursday, GitHub announced a new program called Security Lab, a collaboration between different security researchers to fix bugs in open source projects. GitHub stated that the team will dedicate full-time resources to find vulnerabilities in popular open-source projects. The members come from organizations like Microsoft,

08 Nov 2019

Microsoft Warns of More Harmful Windows BlueKeep Attacks, Patch Now

Research by Microsoft shows that the new campaign, in which attackers exploit RDP instances vulnerable to BlueKeep in order to install cryptojacking malware, is likely tied to a cryptojacking campaign observed in September of this year. BlueKeep is a critical remote code execution flaw affecting RDP services on

05 Nov 2019

Employees know vulnerabilities exist, but they can’t resolve them quickly enough

Just over half (52%) of organizations need between 1 day and a week to address a newly discovered vulnerability in their environment, while 22% require a month or longer, a new report by Adaptiva shows. Only about one in four firms (26%) is capable of remediating flaws within 24 hours

04 Nov 2019

The First BlueKeep Mass Hacking Is Finally Here—but Don’t Panic

Threat actors are actively exploiting the critical BlueKeep flaw that impacts Remote Desktop Protocol (RDP) implementations on unpatched older Windows operating systems. Microsoft and other companies have warned that the flaw, tracked as CVE-2019-0708, is very dangerous because it could be used by attackers to carry out a massive attack

04 Nov 2019

Chrome Zero-Day Vulnerability Exploited in Korea-Linked Attacks

Threat actors recently took advantage of a zero-day flaw in the Google Chrome browser in order to serve malware to users via a compromised website, a report by Kaspersky shows. The vulnerability, tracked as CVE-2019-13720, affected Chrome for Windows, macOS and Linux. Google released a patch for the flaw and

04 Nov 2019

Android bug lets hackers plant malware via NFC beaming

A serious flaw in the Android operating system could have allowed threat actors to distribute malware via NFC beaming, an Android service that uses NFC (Near-Field Communication) radio waves in order to transfer data and software to other nearby devices that have NFC enabled. Last month, Google issued a patch
